- TF-M - lists.trustedfirmware.org

Re: [TF-M] Code Protection between secure services

by Ken Liu

Hi, I assume the main purpose of isolation would be protect the code been seen by the AppRoT. Let's check with the FF author for detailed answers. The building instructions now is just create separate libraries and finally combine them together - since vendors can create Secure Partitions, these modularized building can't be avoided. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Reinhard Keil via TF-M Sent: Thursday, January 9, 2020 4:00 PM To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] Code Protection between secure services I suggest we review the requirement of code isolation on the secure side. R/W data and R/O data should definitely be isolated, but code isolation has implications: * Code cannot be share between services (i.e. no linker optimization to reduce memory footprint) * Sharing library code * Overall the build instructions of the system are more complicated * Adding device specific driver code (i.e. to crypto) can become tricky Reinhard IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

5 years

1
0
0 0

Re: [TF-M] [Request For Comments] apply "-fno-builtin" as default compiler flags

by Tamas Ban

Hi Thomas, Just for my understanding: * Does IAR provide a C std. lib as part of IAR toolchain package? * How the std C lib linked to the image? Does user provide an explicit flag which std. C lib to linked to the image? Tamas From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M Sent: 08 January 2020 12:45 To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] [Request For Comments] apply "-fno-builtin" as default compiler flags The IAR toolchain does not produce any special "builtin" calls and thus does not have any flag similar to "-fno-builtin". /Thomas Den 2020-01-08 kl. 03:53, skrev Ken Liu via TF-M: Hi, ï¿½ As TF-M needs runtime APIs so we are creating the Secure Partition runtime library, code is ready but we have not forwarded all necessary runtime APIs to the version TF-M implemented, this was caused by the toolchain optimization for built-in APIs, such as: ï¿½ - Forward printf(%s) to puts if there is only one string parameter. - ARMCLANG would forward memxxx API into an optimized variant. ï¿½ With the '-fno-builtin' flags set in the toolchain, this optimization would be disabled so that user just implement the same name built-in to replace the toolchain version. ï¿½ Please help to check these point before applying '-fno-builtin' and provide your feedback: ï¿½ - Could toolchains out of ARMCLANG and GNUARM have a similar flag? - Would it affect your project setting and how does it affect? ï¿½ Please help to feedback. I will keep this thread open for ~1 week and let's get a conclusion after this. ï¿½ Thanks! ï¿½ /Ken -- Thomas Tï¿½rnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems> IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

5 years

1
0
0 0

Re: [TF-M] The logging mechanism change in TF-M

by Ken Liu

Hi, We have a prototype audit logging service and one of the purposes is to provide the event logging. The reason we keep printf first is that it is so direct and some projects reference it, for example, booting or services. Eventually, we need can investigate the possibility of forwarding all printf into event logging. One question is that there needs to be a buffer for collecting the events so it has limited capacity? /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Reinhard Keil via TF-M Sent: Thursday, January 9, 2020 3:42 PM To: tf-m(a)lists.trustedfirmware.org Subject: [TF-M] The logging mechanism change in TF-M I recommend instead of using printf with plain text strings, to change the concept to event annotations. This is already implemented in several RTOS systems (i.e. FreeRTOS or RTX). Event annotations give you more flexibility: * can be mapped to memory buffer, printf output, or analysers like Event Recorder in MDK or Percepio * annotations are described in XML file using event groups. Can be mapped to test automation systems and reduce overhead * no direct mapping to a peripheral. UART may be not available on all systems. * overall less overhead in the system (as printf is expensive). Can remain in production code when it just goes to memory buffer Let me know if you want to have further pointers or information. Reinhard IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

5 years

1
0
0 0

Code Protection between secure services

by Reinhard Keil

I suggest we review the requirement of code isolation on the secure side. R/W data and R/O data should definitely be isolated, but code isolation has implications: * Code cannot be share between services (i.e. no linker optimization to reduce memory footprint) * Sharing library code * Overall the build instructions of the system are more complicated * Adding device specific driver code (i.e. to crypto) can become tricky Reinhard IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

5 years

1
0
0 0

The logging mechanism change in TF-M

by Reinhard Keil

I recommend instead of using printf with plain text strings, to change the concept to event annotations. This is already implemented in several RTOS systems (i.e. FreeRTOS or RTX). Event annotations give you more flexibility: * can be mapped to memory buffer, printf output, or analysers like Event Recorder in MDK or Percepio * annotations are described in XML file using event groups. Can be mapped to test automation systems and reduce overhead * no direct mapping to a peripheral. UART may be not available on all systems. * overall less overhead in the system (as printf is expensive). Can remain in production code when it just goes to memory buffer Let me know if you want to have further pointers or information. Reinhard IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you. IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

5 years

1
0
0 0

Re: [TF-M] [Call for cygwin volunteers] Remove the mbed-crypto building workaround

by Ken Liu

Got 3 feedbacks till now all reports no problem. I am going to merge this one before end of today. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Ken Liu via TF-M Sent: Monday, January 6, 2020 1:56 PM To: tf-m(a)lists.trustedfirmware.org Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] [Call for cygwin volunteers] Remove the mbed-crypto building workaround Thanks for the feedback, let me take a note. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Qixiang Xu via TF-M Sent: Monday, January 6, 2020 1:49 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Subject: Re: [TF-M] [Call for cygwin volunteers] Remove the mbed-crypto building workaround Ken, I have cherry picked the patch and tested it on Cygwin: $ cmake --version cmake version 3.11.1 CMake suite maintained and supported by Kitware (kitware.com/cmake). The patch works and no issue found. Best Regards, Qixiang Xu From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: Monday, January 6, 2020 11:00 AM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] [Call for cygwin volunteers] Remove the mbed-crypto building workaround Hi, I create a patch for removing the workaround for mbed-crypto building: https://review.trustedfirmware.org/c/trusted-firmware-m/+/3022 We tried on cmake 3.7 and 3.10 with cygwin and it works; can some Cygwin/mingw user pick this patch and test if it could work in your side? Thanks for your contribution 😊 /Ken IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

5 years

1
0
0 0

Re: [TF-M] [Request For Comments] apply "-fno-builtin" as default compiler flags

by Ken Liu

Thanks Thomas, then IAR won't be a difficult part for this. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Thomas Törnblom via TF-M Sent: Wednesday, January 8, 2020 7:45 PM To: tf-m(a)lists.trustedfirmware.org Subject: Re: [TF-M] [Request For Comments] apply "-fno-builtin" as default compiler flags The IAR toolchain does not produce any special "builtin" calls and thus does not have any flag similar to "-fno-builtin". /Thomas Den 2020-01-08 kl. 03:53, skrev Ken Liu via TF-M: Hi, ï¿½ As TF-M needs runtime APIs so we are creating the Secure Partition runtime library, code is ready but we have not forwarded all necessary runtime APIs to the version TF-M implemented, this was caused by the toolchain optimization for built-in APIs, such as: ï¿½ - Forward printf(%s) to puts if there is only one string parameter. - ARMCLANG would forward memxxx API into an optimized variant. ï¿½ With the '-fno-builtin' flags set in the toolchain, this optimization would be disabled so that user just implement the same name built-in to replace the toolchain version. ï¿½ Please help to check these point before applying '-fno-builtin' and provide your feedback: ï¿½ - Could toolchains out of ARMCLANG and GNUARM have a similar flag? - Would it affect your project setting and how does it affect? ï¿½ Please help to feedback. I will keep this thread open for ~1 week and let's get a conclusion after this. ï¿½ Thanks! ï¿½ /Ken -- Thomas Tï¿½rnblom, Product Engineer IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com<mailto:thomas.tornblom@iar.com> Website: www.iar.com<http://www.iar.com> Twitter: www.twitter.com/iarsystems<http://www.twitter.com/iarsystems>

5 years

1
0
0 0

Re: [TF-M] [Request For Comments] apply "-fno-builtin" as default compiler flags

by Thomas Törnblom

The IAR toolchain does not produce any special "builtin" calls and thus does not have any flag similar to "-fno-builtin". /Thomas Den 2020-01-08 kl. 03:53, skrev Ken Liu via TF-M: > > Hi, > > As TF-M needs runtime APIs so we are creating the Secure Partition > runtime library, code is ready but we have not forwarded all necessary > runtime APIs to the version TF-M implemented, this was caused by the > toolchain optimization for built-in APIs, such as: > > - Forward printf(%s) to puts if there is only one string parameter. > > - ARMCLANG would forward memxxx API into an optimized variant. > > With the '-fno-builtin' flags set in the toolchain, this optimization > would be disabled so that user just implement the same name built-in > to replace the toolchain version. > > Please help to check these point before applying '-fno-builtin' and > provide your feedback: > > - Could toolchains out of ARMCLANG and GNUARM have a similar flag? > > - Would it affect your project setting and how does it affect? > > Please help to feedback. I will keep this thread open for ~1 week and > let's get a conclusion after this. > > Thanks! > > /Ken > > -- *Thomas Törnblom*, /Product Engineer/ IAR Systems AB Box 23051, Strandbodgatan 1 SE-750 23 Uppsala, SWEDEN Mobile: +46 76 180 17 80 Fax: +46 18 16 78 01 E-mail: thomas.tornblom(a)iar.com <mailto:thomas.tornblom@iar.com> Website: www.iar.com <http://www.iar.com> Twitter: www.twitter.com/iarsystems <http://www.twitter.com/iarsystems>

5 years

1
0
0 0

Re: [TF-M] TF-M Technical Forum call - January 9

by Anton Komlev

Hi All, Thanks, Ken and Edison for offering the topics for tomorrow's Tech forum. The agenda (always open) starts from: 1. Secure Partition Runtime Library 2. PSA FF 1.0.0 alignment Best regards, Anton From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org> On Behalf Of Edison Ai via TF-M Sent: 07 January 2020 08:19 To: 'tf-m(a)lists.trustedfirmware.org' <tf-m(a)lists.trustedfirmware.org> Cc: nd <nd(a)arm.com> Subject: Re: [TF-M] TF-M Technical Forum call - January 9 Hi Anton, I will share something about the PSA FF 1.0.0 alignment. About 10 - 15 minutes. Thanks, Edison From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Ken Liu via TF-M Sent: Tuesday, January 7, 2020 3:33 PM To: tf-m(a)lists.trustedfirmware.org<mailto:tf-m@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: Re: [TF-M] TF-M Technical Forum call - January 9 Hi Anton, I can share the status of Secure Partition Runtime Library in the tech forum. /Ken From: TF-M <tf-m-bounces(a)lists.trustedfirmware.org<mailto:tf-m-bounces@lists.trustedfirmware.org>> On Behalf Of Anton Komlev via TF-M Sent: Tuesday, January 7, 2020 1:56 AM To: TF-M(a)lists.trustedfirmware.org<mailto:TF-M@lists.trustedfirmware.org> Cc: nd <nd(a)arm.com<mailto:nd@arm.com>> Subject: [TF-M] TF-M Technical Forum call - January 9 Hello, Hope that the new year is truly happy for everybody. The next session of the Technical Forum is planned on the coming Thursday, January 9th. Regarding the time, I think that the last session was a good compromise to suit majority of the participants so propose to keep the time slot at 7:00-8:00 UTC. This time suits members in Europe and Asia, although participants from US (specially from the East coast) might have inconveniences. Reminding that the recorded sessions and materials are available on the web site: https://www.trustedfirmware.org/meetings/tf-m-technical-forum/ Please reply to this email to post your topics for the agenda. Any questions, proposals, concerns are all valid points for our open discussion so do not hesitate to share it. Best regards, Anton Komlev

5 years

1
0
0 0

[Request For Comments] apply "-fno-builtin" as default compiler flags

by Ken Liu

Hi, As TF-M needs runtime APIs so we are creating the Secure Partition runtime library, code is ready but we have not forwarded all necessary runtime APIs to the version TF-M implemented, this was caused by the toolchain optimization for built-in APIs, such as: - Forward printf(%s) to puts if there is only one string parameter. - ARMCLANG would forward memxxx API into an optimized variant. With the '-fno-builtin' flags set in the toolchain, this optimization would be disabled so that user just implement the same name built-in to replace the toolchain version. Please help to check these point before applying '-fno-builtin' and provide your feedback: - Could toolchains out of ARMCLANG and GNUARM have a similar flag? - Would it affect your project setting and how does it affect? Please help to feedback. I will keep this thread open for ~1 week and let's get a conclusion after this. Thanks! /Ken

5 years

1
0
0 0

2025

2024

2023

2022

2021

2020

2019

2018

TF-M